The use of artificial intelligence (AI) models in healthcare settings without proper oversight is the most significant health technology hazard for 2025, according to the patient safety organization ECRI. The nonprofit’s 18th annual report on the top 10 health technology hazards highlights AI-related risks. The report, designed to inform healthcare professionals and journalists, identifies threats to patient safety and offers recommendations to reduce risks.
Top Hazards Identified
While the complete document is available solely to ECRI members, an executive brief summarizing key findings is accessible to journalists. Here are the leading concerns identified by ECRI for 2025:
- Risks associated with AI-enabled health technologies
- Unmet technology support needs for home care patients
- Vulnerable technology vendors and cybersecurity threats
- Substandard or fraudulent medical devices and supplies
- Fire risk in areas where supplemental oxygen is in use
- Dangerously low default alarm limits on anesthesia units
- Mishandled temporary holds on medication orders
- Infection risks and tripping hazards from poorly managed infusion lines
- Skin injuries from medical adhesive products
- Incomplete investigations of infusion system incidents
ECRI’s list is compiled from member surveys, literature reviews, medical device testing, and patient safety incident investigations.
The AI Dilemma
AI promises greater efficiency and precision in medical diagnoses and treatments, but it also presents potential dangers. The report’s authors note that biases within the data used to train AI models can lead to inconsistent health outcomes or inappropriate responses. Additionally, AI systems may produce “hallucinations,” generating false responses to certain prompts, and their performance can potentially degrade over time. The organization stresses that AI’s “tremendous potential value” as a tool to assist clinicians and healthcare staff can only be realized with human decision-making at the core of the care process. “Placing too much trust in an AI model — and failing to appropriately scrutinize its output — may lead to inappropriate patient care decisions,” the executive brief states. “Leveraging AI to improve patient care requires that organizations define clear goals, assess and manage risks, evaluate options, develop effective implementation plans, manage expectations, and monitor performance for signs of degradation over time.”
Home Care Technology Concerns
The report highlights that delivering care in the home presents its own set of challenges, especially when patients or family members are responsible for operating complex medical devices such as infusion pumps, ventilators, or dialysis machines. As home healthcare models gain popularity, devices once used only under clinical supervision are now being used in the home environment. “The end users are different,” said Priyanka Shah, M.S., a principal project engineer for ECRI, during a December 5 webinar covering the report’s findings. “These are patients, caregivers or lay users who are now tasked with maintaining the devices, troubleshooting, setting them up, etc.” Shah stated that healthcare institutions offering these programs need to select devices that align with a patient’s needs, abilities, and environment, as well as ensure that instructions are in the patient’s preferred language and readily understandable. Patients should also receive the appropriate training on how to use the equipment. Inattention to these aspects can lead to errors or care delays and other negative outcomes from device malfunctions. ECRI reported having encountered “numerous examples of patient harm” attributable to incorrect setup or lack of familiarity with medical devices in home settings.
Cybersecurity Threats
Vulnerable technology vendors and cybersecurity threats were third on the list of concerns. Many healthcare systems today rely on technology products hosted by external vendors, including scheduling, billing, electronic health records, and other programs. According to the authors, although there are benefits to utilizing third-party tools, hospital operations may be jeopardized by cyberattacks, data breaches, or service disruptions affecting the vendor. The February 2024 attack on Change Healthcare, one of the largest clearinghouses for insurance billing and payments, serves as a relevant example. The attack severely disrupted operations for thousands of its hospital, medical office, and pharmacy customers nationwide.
To mitigate these risks, healthcare organizations can thoroughly vet vendors and conduct simulations to assess how operations would continue if a particular program or service went offline. They should also have procedures prepared to aid recovery from potential events. As Kallie Smith, ECRI’s vice president and information security officer, noted during the webcast, businesses often focus only on breaches that impact their specific industry. “One of the best ways to look at cybersecurity incidents and general IT incidents is to assume that anything like that could happen to any type of organization,” she observed.